Menu
▾
▴
Re: [Unity-idm-discuss] adding ORCID as attribute without identity linking
|
From: Sander A. <sa....@fz...> - 2023-07-06 10:19:16
|
Hi Krzysztof, we have home IdPs + ORCID/Google/Github as upstream IdPs. Unity interacts as proxy. User can sign in with all of them, but using home IdP can give already access to resources. We can not use the account linking because the user must lose access to the resources, when they leave the home organisation. We have some services which already want to have the ORCID ID of the user. Of course we can create an attribute and user needs to enter it manually during sign up or later in userhome endpoint. But manual steps offer the option for mistakes. So our question would be if there is a way to get the ID from ORCID directly, like the sign up using ORCID, but without account linking. Best regards, Sander On Thu, 2023-07-06 at 12:00 +0200, Krzysztof Benedyczak wrote: > Hi Sander, > > W dniu 6.07.2023 o 10:42, Sander Apweiler pisze: > > Hi Krzysztof, hi Roman, > > we see a growing number of requests to the ORCID ID of researchers > > and > > services who want this information from the IdM system. The primary > > identity of the users is bound to the home organisation. Since > > there > > are resources bound to this identities, we do not want to perform > > account linking, unless we can remove all privileges, based on the > > organisation login, of the users, if the user left the > > organisation. > > ORCID login is an alternativ for researchers where the home > > organisation does not release all mandatory attributes. > > > > Is it possible to get the ID directly from ORCID and storing this > > as > > attribute, without account/identity linking? > > I'm not sure if I understand the scenario. Can you describe the flow > precisely? I wonder how and when Unity instance shall authorize to > ORCID > to get this identity info? > > I understand that you have a user that has some home IdP + ORCID id. > This user can login via Unity acting as a proxy to home IdP. And now > how > ORCID fits here? > > Best, > Krzysztof > -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Stefan Müller Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Dr. Ir. Pieter Jansens, Prof. Dr. Astrid Lambrecht, Prof. Dr. Frauke Melchior ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
